User login

IoT Security Top of Mind for Industry Leaders

But could it be that with all the data we willingly share online, and through our mobile devices, we’ve created our own monster?

“What does your mobile phone know about you?” asked Caleb Barlow, vice president of global portfolio marketing at IBM Security, during a panel discussion at LiveWorx.

“All of those apps are connected to the cloud, and we’ve created an economy where sharing about ourselves is driving development,” Barlow said. “Now when you walk into a restaurant, you are the cow that’s being sold.”

And it’s not just the mobile devices we carry around in our pockets.

What is an IoT thermostat about? It’s got nothing to do with temperature,” Barlow said. “It knows about your movement and activity. It’s incredibly valuable when correlated with other bits of information.”

But how can businesses ensure data collected from these kinds of devices is secure?

“A company has to think about security by design,” Barlow said. “Finding a vulnerability early in the lifecycle is easier to fix. In the supply chain it costs millions of dollars.”

In the IoT business, defense is only one piece of the puzzle. Resiliency is also key.

“What happens when there is a bridge in your security? How do you continue operations? Do you know who’s in charge? Who to call or what to say?”

You need live-action drills to accomplish this kind of resilience, Barlow said.

“When you define resilience the human element is important,” added Edna Conway, chief security officer of global supply chains at Cisco Systems. “If there is a crisis, the reality is your people are not going to take their laptops home and continue to work.”

Addressing concerns that security challenges could stifle innovation, Barlow said the regulatory environment is still unclear. IBM, which has one of the largest threat research centers in the world, puts security first when designing and selling a platform, according to Barlow, and, he said, it’s up to individual companies to step up to the plate.

“There are no industry standards – you’re measured more by how you compare to others in your field.”

But initiating a strong security plan can be difficult.

“Security is complicated, dry and boring, and it flies in the face of today’s instant gratification mentality,” said John Canosa, chief strategist at ThingWorx.

Companies are often slow to think about and adopt security measures around the IoT because there can be a whole range of connected devices and the challenge is sweeping, Canosa said.

“First you have to define what is the ‘thing’ and then it filters up,” he said. “Security is a moving target and it’s never-ending.